************************** Sponsored By Corero *************************
White Paper: "DDoS Attacks: Coming to a Network Near You." DDoS attacks can inflict disastrous loss of revenue and reputation to organizations doing business on the Internet. This paper, written by network security analyst, Richard Stiennon, explains the newest attacks and how to mitigate the risk with DDoS Defense technology from Corero Network Security. http://www.sans.org/info/90911
- --SANS San Francisco 2011, San Francisco, CA, November 14-19, 2011 5 courses. Bonus evening presentations include The Worst Mistakes in Cloud Computing Security; Offensive Countermeasures; and Watching the Wire at Home http://www.sans.org/san-francisco-2011/
- --EURO SCADA & Process Control System Security Summit, Rome, Dec 1-2, 2011 Pre-Summit Courses November 26-30, 2011 Post-Summit Courses December 3-4, 2011 Gain the most current information regarding SCADA and Control System threats and learn how to best prepare to defend against them. http://www.sans.org/eu-scada-2011/
- --SANS San Antonio 2011, San Antonio, TX, November 28-December 5, 2011 7 courses. Bonus evening presentations include Effective Methods for Implementing the 20 Critical Security Controls; and Assessing Deception: Are They Lying to You? http://www.sans.org/san-antonio-2011/
- --SANS London 2011, London, UK, December 3-12, 2011 18 courses. Bonus evening presentations include IPv6 Challenges for Intrusion Detection and Understanding How Attackers Bypass Network and Content Restrictions. http://www.sans.org/london-2011/
- --SANS CDI 2011, Washington, DC, December 9-16, 2011 27 courses. Bonus evening presentations include Emerging Trends in Data Law and Investigations, and Critical Infrastructure Control Systems Cybersecurity. http://www.sans.org/cyber-defense-initiative-2011/
- --SANS Security East 2012, New Orleans, LA January 17-26, 2012 11 courses. Bonus evening presentations include Advanced VoIP Pen Testing: Current Threats and Methods; and Helping Small Businesses with Security. http://www.sans.org/security-east-2012/
Plus Sydney, Tokyo, Perth and Atlanta all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php **************************************************************************
TOP OF THE NEWS
Mac App Store Will Require Sandboxing Support as of March 1, 2012 (November 3 & 7, 2011)
FBI Says Using Fake Cell Tower is Within Their Purview (November 3, 2011)
Federal authorities maintain that their use of a fake Verizon cell phone tower to conduct surveillance on a suspect can be considered a legitimate search under the Fourth Amendment. The spoofed tower device, known colloquially as a stingray, was used in a case involving an alleged identity thief. Stingrays conduct a man-in-the-middle attack, intercepting crucial mobile device data before transmitting it to a legitimate cell phone tower. An affidavit submitted by the FBI's tracking technology unit says that the stingray harvests only the equivalent of header data, and thus does not require a search warrant. The affidavit goes on to say that the stingray also collects the data from other devices in the same general location as the target, and that FBI policy requires that all data stored in the tool are purged once an operation has concluded. -http://www.wired.com/threatlevel/2011/11/feds-fake-cell-phone-tower/
The Significance of Naming Names (November 7, 2011)
The report released last week by the Office of the National Counterintelligence Executive "mark[ed] the first time the United States government has unequivocally stated, in emphatic and highly publicized fashion, that China and Russia are responsible for a pervasive electronic campaign to steal American intellectual property, trade secrets, negotiating strategies, and sensitive military technology." Journalist Shane Harris writes that "the release of this report may turn out to be the Internet's Iron Curtain moment," comparing its effect to that of Winston Churchill's 1946 address. -http://www.washingtonian.com/blogarticles/people/capitalcomment/21474.html [Editor's Note (Pescatore): Actually, many *are* trying to equate this to the Iron Curtain/Cold War, hoping that the same types of budgets and spending will occur through overhype. This focus leads to $5,000 coffeepots, not higher levels of security. (Northcutt): I tried to read this, but it wanted me to subscribe to the Washingtonian magazine first. Here is a USA Today version: -http://www.usatoday.com/news/washington/story/2011-11-03/china-russia-cybersecurity/51065010/1 I do not think this will become an Iron Curtain moment: -http://www.historyguide.org/europe/churchill.html]
US Supreme Court to Hear GPS Tracking Fourth Amendment Case (November 7, 2011)
The US Supreme Court will hear arguments on Tuesday, November 8, in a case regarding the authority of law enforcement officers to surreptitiously place a GPS device on a vehicle to track a suspect's movements without obtaining a probable cause warrant from a judge. The government has argued in court briefs that "a person has no reasonable expectation of privacy in his movements from one place to another." The specifics of the case involve Antoine Jones, who was convicted and sentenced to life in prison for dealing cocaine. Police had tracked Jones for a month through a device they had affixed to his car. Jones' conviction and sentence were overturned by the US Court of Appeals for the District of Columbia, which said that the tracking was tantamount to an illegal search that violated Jones' Fourth Amendment rights. Other federal appeals courts have ruled that a warrant is not needed for GPS tracking. The Justice Department views GPS devices as equivalent to the beeper devices that were used to track vehicles decades ago. The man credited with inventing GPS has written an amicus brief saying that the two devices are very different. -http://www.wired.com/threatlevel/2011/11/gps-tracking-flourishes/all/1 [Editor's Note (Liston): Generally, I tend to always land on the "Fourth Amendment" side in these types of cases. However, in this situation, I really don't see how GPS surveillance is doing anything more than simply replacing an officer being assigned to follow a suspect, something for which a warrant is not required. ]
Researchers Find Holes in Prison SCADA Systems (November 7, 2011)
According to three researchers, some control systems used at federal prisons are vulnerable to hijacking: an outsider who gains remote control over the industrial control systems and programmable logic controllers could take control of cell door mechanisms and internal communications. The attack was demonstrated at a conference in Miami late last month. The researchers provided their findings to prison authorities at the state and federal levels, and the Department of Homeland Security (DHS) has confirmed those findings. The researchers found that some systems that were not supposed to be connected to the Internet in fact did have Internet connections, and that those without Internet connections could still become infected with malware like Stuxnet brought in on a flash drive. Bill Brenner points out that "this isn't a new threat," and ponders where the balance can be struck between crying wolf and making sure problems are addressed. -http://arstechnica.com/business/news/2011/11/vulnerabilities-give-hackers-ability-to-open-prison-cells-from-afar.ars -http://blogs.csoonline.com/1794/hacking_the_prison_useless_fiction_or_necessary_fud [Editor's Note (Murray): Imagine what our security might look like if we could harness the energy of these NVPs to work on solutions instead of spending their time identifying obscure, but sensational, vulnerabilities. ]
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Mark Weatherford, Chief Security Officer, North American Electric Reliability Corporation (NERC).
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.
Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/
I have never seen such high quality training, distilled to a perfected message, and compressed into a timeframe that any organization should willingly commit employee time to taking as a risk reduction strategy. -- Jim Richards III